// Setup:
//   npm init -y
//   npm i express ejs
// Dependencies: Node's path helper, Express for routing, EJS for templating.
const path = require('path');
const express = require('express');
const ejs = require('ejs');

const app = express();

// Templates live in ./views next to this file. EJS is registered for the
// "html" extension and made the default engine, so res.render('index')
// resolves to views/index.html and is processed as an EJS template.
const viewsDir = path.join(__dirname, 'views');
app.set('views', viewsDir);
app.engine('html', ejs.__express);
app.set('view engine', 'html');


// GET / renders the 'index' view with a fixed title and the `xss` query parameter.
//
// SECURITY: req.query.xss is attacker-controlled and is handed to the template
// with no validation or encoding, so the template is the only line of defence.
// In EJS, `<%= xss %>` HTML-escapes the value, while `<%- xss %>` writes it out
// verbatim, which is what makes reflected XSS possible. The template is not part
// of this file; presumably it uses the unescaped form for this demo (confirm
// in views/index.html). Real handlers should keep the escaping form.
// NOTE(review): depending on the query parser, the value may be an array or
// object rather than a string (e.g. repeated parameters); verify before relying on it.
app.get('/', (req, res) => {
  const { xss } = req.query;
  res.render('index', { title: 'express', xss });
});


// Logs once the server has started accepting connections.
function onListening() {
  console.log('listening on 3000');
}

// Start the HTTP server on port 3000. No host argument is given, so Node binds
// to all interfaces; since this app reflects unsanitised input by design,
// passing '127.0.0.1' as the host would keep it reachable from this machine only.
app.listen(3000, onListening);


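// Example request for the reflected-XSS demo. The script runs only if the index
// template emits `xss` unescaped (EJS `<%- %>`); with `<%= %>` it is rendered as inert text.
// 'http://localhost:3000/?xss=<script>alert('You have been attacked')</script>'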

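// Second sample value for the `xss` parameter, kept as a comment: the script adds a
// fixed-position bordered box to the page, showing that reflected script can alter the DOM.
{/* <script>let div = document.createElement('div');document.body.appendChild(div);div.style.width = '300px';div.style.height = '200px';div.style.border = '1px solid black';div.style.position = 'fixed';div.style.top = '300px';div.style.left = '300px'</script> */}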